Setting SELinux mode

Security-Enhanced Linux (SELinux) allows you to set access control through policies. If you are having trouble deploying CDH with your policies, set SELinux in permissive mode on each host before you deploy CDH on your cluster.

To set the SELinux mode, perform the following steps on each host.

  1. Check the SELinux state:
    getenforce
  2. If the output is either Permissive or Disabled, you can skip this task and continue on to Disabling the Firewall. If the output is enforcing, continue to the next step.
  3. Open the /etc/selinux/config file (in some systems, the /etc/sysconfig/selinux file).
  4. Change the line SELINUX=enforcing to SELINUX=permissive.
  5. Save and close the file.
  6. Restart your system or run the following command to disable SELinux immediately:
    setenforce 0

After you have installed and deployed CDH, you can re-enable SELinux by changing SELINUX=permissive back to SELINUX=enforcing in /etc/selinux/config (or /etc/sysconfig/selinux), and then running the following command to immediately switch to enforcing mode:

setenforce 1

If you are having trouble getting Cloudera Software working with SELinux, contact your OS vendor for support. Cloudera is not responsible for developing or supporting SELinux policies.